Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1ae9d8b2-218c-4376-936d-185032ce890b.roa
File:                     1ae9d8b2-218c-4376-936d-185032ce890b.roa (raw, json)
Hash identifier:          B61r0R2J80YtB0qwbWA9IHIWqCE3BcBt1BKR7ghAyeA=
Subject key identifier:   2B:64:76:2F:A0:A5:F4:8B:A7:56:97:0C:78:AF:32:94:F0:1C:5F:99
Certificate issuer:       /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial:       25190C5387A2B558F4511D5951BDDC2627BC07D4
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1ae9d8b2-218c-4376-936d-185032ce890b.roa
Signing time:             Sat 05 Apr 2025 00:11:11 +0000
ROA not before:           Sat 05 Apr 2025 00:11:11 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2001:3fc7:f840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:19:0c:53:87:a2:b5:58:f4:51:1d:59:51:bd:dc:26:27:bc:07:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
        Validity
            Not Before: Apr  5 00:11:11 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:36:df:41:43:61:5b:d1:a7:43:92:3b:0d:80:
                    a7:dc:e6:a8:54:f0:18:5a:62:2f:23:1e:e8:8d:1b:
                    97:a2:e4:33:ee:7d:99:32:e3:d7:27:74:34:59:62:
                    ee:63:40:bc:a3:21:7d:8b:7f:f5:92:5b:24:0d:41:
                    1d:05:df:ce:e6:7e:80:3f:43:6b:ff:5c:49:64:ff:
                    10:b2:5a:7e:fe:da:48:96:13:0a:63:7a:e3:3f:b7:
                    96:fd:a5:98:d1:96:cc:a8:f2:9e:0c:40:69:37:0e:
                    6d:0a:77:32:92:9a:b3:f6:c0:9d:4e:90:ef:11:f0:
                    5f:02:cf:20:f6:8c:ac:97:64:1a:9a:80:74:21:f3:
                    c3:2e:74:e5:2f:d9:73:47:b4:ca:d9:1a:59:38:f5:
                    03:82:89:9a:0d:97:eb:cd:97:7e:68:94:15:8a:40:
                    c6:f5:de:5d:e9:f3:24:68:ff:23:0e:20:02:ef:7a:
                    11:8a:90:02:57:cb:9d:00:40:bd:13:c1:96:1b:25:
                    00:a8:34:4e:62:69:f0:0b:a6:86:db:e2:d5:81:b3:
                    04:a8:58:ac:11:ea:08:f6:b0:3e:bf:c1:92:4a:c9:
                    bf:2c:c1:04:9d:a1:09:72:de:e4:70:e9:84:eb:37:
                    dc:f7:a7:54:4e:2f:91:84:0a:55:b9:5e:fb:fc:a8:
                    b1:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:64:76:2F:A0:A5:F4:8B:A7:56:97:0C:78:AF:32:94:F0:1C:5F:99
            X509v3 Authority Key Identifier:
                keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1ae9d8b2-218c-4376-936d-185032ce890b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3fc7:f840::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:3d:81:a9:6f:15:29:ab:4a:54:b8:a2:6f:bf:a3:e7:e4:02:
         49:8d:28:62:dc:5e:c2:2d:30:85:18:f2:14:3d:a5:8f:d0:79:
         79:88:a9:c2:2a:a9:c3:f6:5f:bc:83:28:d4:34:e4:f6:ef:4a:
         df:c5:2a:10:4e:bc:f0:54:f4:1f:b2:55:fe:c7:f4:90:13:e1:
         c9:96:b5:63:5a:d1:fc:03:09:27:f3:b1:7c:5f:d2:3e:3d:8e:
         b4:6c:db:60:4e:30:89:dd:58:8f:28:1c:25:56:2f:e2:86:9d:
         3f:c1:e0:8b:d5:a9:de:ba:e4:45:05:1a:2f:5d:56:11:87:d0:
         d4:7d:be:21:9d:06:12:7d:ee:51:63:b1:6d:94:66:b5:ec:e1:
         7e:e1:72:0f:f9:cb:e5:ee:9c:75:ef:77:91:bb:34:4a:3b:8f:
         1d:e6:40:4b:17:5a:cd:ea:45:36:86:c3:70:6b:6c:f6:95:3e:
         ee:9f:ee:e0:51:a0:bb:72:ad:e8:3c:13:ba:fd:7d:3f:2b:4c:
         4e:b6:b7:9b:7f:a7:4c:0a:d3:3b:03:ac:37:92:63:f7:db:75:
         e9:be:f0:4f:8d:23:71:75:58:6b:2a:64:62:4e:b3:74:ca:2e:
         58:e3:f8:fe:04:3d:b5:62:57:9b:71:1f:bd:ed:2c:90:ec:42:
         2d:3a:8b:4f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJRkMU4eitVj0UR1ZUb3cJie8B9QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA0MDUwMDExMTFaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiM2U1ZDZhMDY1ZmY1NzMzYjZiZTVhNmFjNDRmMjRjNGQxMzQzYTY3YmVi
ZjZjMTQ1OWE2MzRjYjY5NjQxYTgxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKc230FDYVvRp0OSOw2Ap9zmqFTwGFpiLyMe6I0bl6LkM+59mTLj1yd0NFli
7mNAvKMhfYt/9ZJbJA1BHQXfzuZ+gD9Da/9cSWT/ELJafv7aSJYTCmN64z+3lv2l
mNGWzKjyngxAaTcObQp3MpKas/bAnU6Q7xHwXwLPIPaMrJdkGpqAdCHzwy505S/Z
c0e0ytkaWTj1A4KJmg2X682XfmiUFYpAxvXeXenzJGj/Iw4gAu96EYqQAlfLnQBA
vRPBlhslAKg0TmJp8Aumhtvi1YGzBKhYrBHqCPawPr/BkkrJvyzBBJ2hCXLe5HDp
hOs33PenVE4vkYQKVble+/yosRsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQrZHYv
oKX0i6dWlwx4rzKU8BxfmTAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MWFlOWQ4YjItMjE4Yy00Mzc2LTkzNmQtMTg1MDMyY2U4OTBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8f4
QDANBgkqhkiG9w0BAQsFAAOCAQEAAD2BqW8VKatKVLiib7+j5+QCSY0oYtxewi0w
hRjyFD2lj9B5eYipwiqpw/ZfvIMo1DTk9u9K38UqEE688FT0H7JV/sf0kBPhyZa1
Y1rR/AMJJ/OxfF/SPj2OtGzbYE4wid1YjygcJVYv4oadP8Hgi9Wp3rrkRQUaL11W
EYfQ1H2+IZ0GEn3uUWOxbZRmtezhfuFyD/nL5e6cde93kbs0SjuPHeZASxdazepF
NobDcGts9pU+7p/u4FGgu3Kt6DwTuv19PytMTra3m3+nTArTOwOsN5Jj99t16b7w
T40jcXVYaypkYk6zdMouWOP4/gQ9tWJXm3Efve0skOxCLTqLTw==
-----END CERTIFICATE-----